make a certcheck module
authorRalf Jung <post@ralfj.de>
Sun, 13 Dec 2015 13:52:43 +0000 (14:52 +0100)
committerRalf Jung <post@ralfj.de>
Sun, 13 Dec 2015 13:52:43 +0000 (14:52 +0100)
certcheck
certcheck.py [new file with mode: 0644]

index e6986bd30a870c646af566d177ddd62f9877ba51..065fe0f51153ea8e97ccddbbc84254268b94b8de 100755 (executable)
--- a/certcheck
+++ b/certcheck
@@ -1,39 +1,18 @@
 #!/usr/bin/python3
 ## Call with "--help" for documentation.
 
-import argparse, subprocess, re, os, datetime
+import argparse, certcheck
 
-def check_dir(dirname, days):
-    for name in os.listdir(dirname):
-        name = os.path.join(dirname, name)
-        if os.path.isdir(name):
-            check_dir(name, days)
-        elif name.endswith('.crt'):
-            check_file(name, days)
+parser = argparse.ArgumentParser(description='Check for soon-to-expire (and already expired) certificates')
+parser.add_argument("-d", "--days", metavar='N',
+                    dest="days", type=int, default=14,
+                    help="Warn about certificates valid for less than N (default 14).")
+parser.add_argument("certs",  metavar='CERTS', nargs='+',
+                    help="These certificate files are checked. Directories are searched recursively for files called '*.crt'.")
+args = parser.parse_args()
 
-def check_file(filename, days):
-    valid_not_after = subprocess.check_output(["openssl", "x509", "-enddate", "-in", filename, "-out", "/dev/null"]).decode('utf-8')
-    match = re.match("notAfter=([a-zA-Z0-9: ]+)", valid_not_after)
-    assert match is not None, "Unexpected output from openssl: valid_not_after"
-    enddate = match.group(1)
-    enddate = datetime.datetime.strptime(enddate, '%b %d %X %Y %Z')
-    delta = enddate - datetime.datetime.now()
-    if delta < datetime.timedelta(days=days):
-        print("{} expires at {}, which is in {} days".format(filename, enddate, delta.days))
-
-if __name__ == "__main__":
-    parser = argparse.ArgumentParser(description='Check for soon-to-expire (and already expired) certificates')
-    parser.add_argument("-d", "--days", metavar='N',
-                        dest="days", type=int, default=14,
-                        help="Warn about certificates valid for less than N (default 14).")
-    parser.add_argument("certs",  metavar='CERTS', nargs='+',
-                        help="These certificate files are checked. Directories are searched recursively for files called '*.crt'.")
-    args = parser.parse_args()
-    
-    for name in args.certs:
-        if os.path.isdir(name):
-            check_dir(name, args.days)
-        else:
-            check_file(name, args.days)
-
-    
+for name in args.certs:
+    if os.path.isdir(name):
+        certcheck.check_dir(name, args.days)
+    else:
+        certcheck.check_file(name, args.days)
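Review bot: The new top-level loop still calls `os.path.isdir(name)`, but the import line was reduced to `import argparse, certcheck`, so the script would raise `NameError` on its first argument. The import should read `import argparse, os, certcheck`, or the directory-versus-file dispatch could move into the `certcheck` module so the script no longer needs `os`. The `--days` help text also omits the unit; `help="Warn about certificates valid for less than N days (default 14)."` would be clearer.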
diff --git a/certcheck.py b/certcheck.py
new file mode 100644 (file)
index 0000000..aa64ae6
--- /dev/null
@@ -0,0 +1,22 @@
+import subprocess, re, os, datetime
+
+def check_dir(dirname, days):
+    for name in os.listdir(dirname):
+        name = os.path.join(dirname, name)
+        if os.path.isdir(name):
+            check_dir(name, days)
+        elif name.endswith('.crt'):
+            check_file(name, days)
+
+def cert_expiry_date(filename):
+    valid_not_after = subprocess.check_output(["openssl", "x509", "-enddate", "-in", filename, "-noout"]).decode('utf-8')
+    match = re.match("notAfter=([a-zA-Z0-9: ]+)", valid_not_after)
+    assert match is not None, "Unexpected output from openssl: " + valid_not_after
+    enddate = match.group(1)
+    return datetime.datetime.strptime(enddate, '%b %d %X %Y %Z')
+
+def check_file(filename, days):
+    enddate = cert_expiry_date(filename)
+    delta = enddate - datetime.datetime.now()
+    if delta < datetime.timedelta(days=days):
+        print("{} expires at {}, which is in {} days".format(filename, enddate, delta.days))
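Review bot: A single unreadable or non-PEM `.crt` file aborts the whole scan, because `cert_expiry_date` lets `subprocess.check_output` raise `CalledProcessError` and neither `check_file` nor `check_dir` catches it. Certificates later in the tree are then never checked, which is a bad failure mode for an expiry monitor. The `assert` on the regex match is also stripped under `python3 -O`, so it should be an explicit `raise ValueError(...)`, with `check_file` reporting the file and continuing. Separately, openssl prints `notAfter` in GMT and `strptime` returns a naive value, while `datetime.datetime.now()` is local time, so `delta` is off by the local UTC offset; `datetime.datetime.utcnow()` would match.
```python
def cert_expiry_date(filename):
    # … unchanged: openssl call and regex match …
    if match is None:
        raise ValueError("Unexpected output from openssl: " + valid_not_after)
    # … unchanged: strptime of the captured date …

def check_file(filename, days):
    try:
        enddate = cert_expiry_date(filename)
    except (subprocess.CalledProcessError, ValueError) as err:
        # Report and keep going so one bad file does not hide other expiring certificates.
        print("{} could not be checked: {}".format(filename, err))
        return
    delta = enddate - datetime.datetime.utcnow()
    # … unchanged: threshold comparison and report …
```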